StoRM ATLAS token config example

StoRM developers provided token configuration example that should cover needs of ATLAS sites with common ATLASDATADISK and ATLASSCRATCHDISK.
WLCG-AuthZ-WG · Dec 25, 2023 · 1fc54d0 · 1fc54d0
1 parent c5915c2
commit 1fc54d0
Showing 1 changed file with 74 additions and 1 deletion.
diff --git a/docs/token-based-authorization/configuration/storm.md b/docs/token-based-authorization/configuration/storm.md
@@ -138,7 +138,80 @@ documentation][storm-webdav-tpc-doc].
 
 ### ATLAS
 
-> TODO: insert example here
+StoRM WebDAV configuration for the one and unique disk storage area “atlas” is
+* /etc/storm/webdav/sa.d/atlas.properties
+```
+# The contents of this file was generated by Puppet
+name=atlas
+rootPath=/storage/gpfs_atlas/atlas
+filesystemType=posix
+accessPoints=/atlas
+vos=
+orgs=https://atlas-auth.web.cern.ch/
+authenticatedReadEnabled=false
+anonymousReadEnabled=false
+voMapEnabled=false
+voMapGrantsWritePermission=false
+orgsGrantReadPermission=false
+orgsGrantWritePermission=false
+wlcgScopeAuthzEnabled=true
+fineGrainedAuthzEnabled=true
+```
+* /etc/storm/webdav/config/application.yml
+```
+oauth:
+  enable-oidc: true  
+  issuers:
+    - name: atlas
+      issuer: https://atlas-auth.web.cern.ch/
+
+storm:
+  authz:
+    policies:
+    - sa: atlas
+      description: Grant all access to atlas prod VOMS group members for /atlas/atlasdatadisk and its subfolders
+      actions:
+        - all
+      paths:
+        - /atlasdatadisk/**
+      effect: permit
+      principals:  
+        - type: fqan
+          params:
+            fqan: /atlas/Role=production/Capability=NULL
+    - sa: atlas
+      description: Grant only read and list access to atlas VOMS group members for /atlas/atlasdatadisk and its subfolders
+      actions:
+        - read
+        - list
+      paths:
+        - /atlasdatadisk/**
+      effect: permit
+      principals:
+        - type: vo
+          params:
+            vo: atlas
+    - sa: atlas
+      description: Grant all access to atlas VOMS group members for /atlas/atlasscratchdisk and its subfolders
+      actions:
+        - all
+      paths:
+        - /atlasscratchdisk/**
+      effect: permit
+      principals:  
+        - type: vo
+          params:
+            vo: atlas
+    - sa: atlas
+      description: Deny VO access to the access point
+      actions:
+        - all
+      effect: deny
+      principals:
+        - type: vo
+          params:
+            vo: atlas
+```
 
 [storm-webdav]: http://italiangrid.github.io/storm/release-notes/storm-webdav/1.2.1/
 [storm-webdav-tpc-doc]: https://github.com/italiangrid/storm-webdav/blob/master/doc/tpc.md